Tips: SSL Certificates for Small Business Server
Microsoft Small Business Server (SBS) provides a wizard for Web Certificate Management that should be used in lieu of Exchange or IIS when issuing a certificate signing request (CSR).
Here are a few tips to remember when using the SBS Wizard.
Steps to Complete
The steps for an initial SSL certificate and a renewal are similar. So, if you used the wizard when installing the initial certificate and now want to update, the wizard recognizes that. Essentially, the steps are:
- In SBS, open the Standard Console and navigate to Network -> Connectivity -> Web Server Certificate, and select Certificate.
- Under Tasks, select Add a trusted certificate.
- The wizard will take you through the steps to produce encoded data that becomes your request. You can either copy this data, or save it to a file.
- Assuming you have purchased either a new or renewed certificate, you'll need to go to your provider's site and paste in the encoded to request the certificate.
- The verification process can take some time, but when it is complete you will able to download the certificate files (2 of them) and complete the wizard in SBS.
- I had a problem installing SBS certificates that were downloaded from a browser to a Mac that was not a domain member. The provider was not able/willing to help me and the SBS message was not helpful. Turns out the location of the download made a difference.
- GoDaddy's site defaults you to the download page for active certificates. You have to go back to the All breadcrumb and make sure to change the last dropdown from "Not Expired or Revoked" to "All" to see the certificate you are trying renew. (I had to call tech support to find this.)
- GoDaddy asks for a server type when downloading the certificate. You can select either Exchange or IIS, as these files are identical.
- There are 2 files included in the .zip file, a .crt (which is the actual certificate) and a .p7b (which is an intermediate). You only need to install the .crt.